<?php
// Check if the file exists
// Check in subfolders too
function find_file ($dirname, $fname, &$file_path) {

	//echo $dirname; die();
	$dir = opendir($dirname);
	
	while ($file = readdir($dir)) {
		if (empty($file_path) && $file != '.' && $file != '..') {
			if (is_dir($dirname.'/'.$file)) {
				find_file($dirname.'/'.$file, $fname, $file_path);
			}
			else {
				if (file_exists($dirname.'/'.$fname)) {
					$file_path = $dirname.'/'.$fname;
					return;
				}
			}
		}
	}
} // find_file


function downloadDoc($folder_name,$file_name) //ex: $folder_name='gallery/popup/'; $file_name='im.jpg'
{
	$dir_name = dirname(str_replace(array('"',"'",'\\'), '/', dirname(__FILE__)))."/";
	
	define('ALLOWED_REFERRER', '');
	// MUST end with slash (i.e. "/" )
	define('BASE_DIR',$dir_name.$folder_name);
	
	// log downloads? true/false
	define('LOG_DOWNLOADS',true);
	
	// log file name
	define('LOG_FILE','downloads.log');
	
	// Allowed extensions list in format 'extension' => 'mime type'
	// If myme type is set to empty string then script will try to detect mime type
	// itself, which would only work if you have Mimetype or Fileinfo extensions
	// installed on server.
	$allowed_ext = array (
	
	// archives
	'zip' => 'application/zip',
	
	// documents
	'pdf' => 'application/pdf',
	'doc' => 'application/msword',
	'xls' => 'application/vnd.ms-excel',
	'ppt' => 'application/vnd.ms-powerpoint',
	
	// executables
	'exe' => 'application/octet-stream',
	
	// images
	'gif' => 'image/gif',
	'png' => 'image/png',
	'jpg' => 'image/jpeg',
	'jpeg' => 'image/jpeg',
	
	// audio
	'mp3' => 'audio/mpeg',
	'wav' => 'audio/x-wav',
	
	// video
	'mpeg' => 'video/mpeg',
	'mpg' => 'video/mpeg',
	'mpe' => 'video/mpeg',
	'mov' => 'video/quicktime',
	'avi' => 'video/x-msvideo'
	);
	
	
	
	################################################## ##################
	### DO NOT CHANGE BELOW
	################################################## ##################
	
	// If hotlinking not allowed then make hackers think there are some server problems
	if (ALLOWED_REFERRER !== ''
	&& (!isset($_SERVER['HTTP_REFERER']) || strpos(strtoupper($_SERVER['HTTP_REFERER']),strtoupper(ALLOWED_REFERRER)) === false)
	) {
	die("Internal server error. Please contact system administrator.");
	}
	
	// Make sure program execution doesn't time out
	// Set maximum script execution time in seconds (0 means no limit)
	set_time_limit(0);
	
	/* phuc
	if (!isset($_GET['f']) || empty($_GET['f'])) {
	die("Please specify file name for download.");
	}
	*/
	
	// Get real file name.
	// Remove any path info to avoid hacking by adding relative path, etc.
	// $fname = basename($_GET['f']); //phuc
	$fname = basename($file_name);
		
	// get full file path (including subfolders)
	$file_path = '';
	find_file(BASE_DIR, $fname, $file_path);
	
	if (!is_file($file_path)) {
	die("File does not exist. Make sure you specified correct file name.");
	}
	
	// file size in bytes
	$fsize = filesize($file_path);
	
	// file extension
	$fext = strtolower(substr(strrchr($fname,"."),1));
	
	// check if allowed extension
	if (!array_key_exists($fext, $allowed_ext)) {
	die("Not allowed file type.");
	}
	
	// get mime type
	if ($allowed_ext[$fext] == '') {
	$mtype = '';
	// mime type is not set, get from server settings
	if (function_exists('mime_content_type')) {
	$mtype = mime_content_type($file_path);
	}
	else if (function_exists('finfo_file')) {
	$finfo = finfo_open(FILEINFO_MIME); // return mime type
	$mtype = finfo_file($finfo, $file_path);
	finfo_close($finfo);
	}
	if ($mtype == '') {
	$mtype = "application/force-download";
	}
	}
	else {
	// get mime type defined by admin
	$mtype = $allowed_ext[$fext];
	}
	
	// Browser will try to save file with this filename, regardless original filename.
	// You can override it if needed.
	
	if (!isset($_GET['fc']) || empty($_GET['fc'])) {
	$asfname = $fname;
	}
	else {
	// remove some bad chars
	$asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
	if ($asfname === '') $asfname = 'NoName';
	}
	
	// set headers
	header("Pragma: public");
	header("Expires: 0");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	header("Cache-Control: public");
	header("Content-Description: File Transfer");
	header("Content-Type: $mtype");
	header("Content-Disposition: attachment; filename=\"$asfname\"");
	header("Content-Transfer-Encoding: binary");
	header("Content-Length: " . $fsize);
	
	// download
	// @readfile($file_path);
	$file = @fopen($file_path,"rb");
	if ($file) {
	while(!feof($file)) {
	print(fread($file, 1024*8));
	flush();
	if (connection_status()!=0) {
	@fclose($file);
	die();
	}
	}
	@fclose($file);
	}
	
	// log downloads
	if (!LOG_DOWNLOADS) die();
	//////////////////////////////////
	//Display count
	$filename = "count.txt";
	$handle = fopen($filename, "r");
	$count = fread($handle, filesize($filename));
	fclose($handle);
	
	$count = $count + 1;
	//echo "So luong download : " .$count ."<br>" ;
	$handle= fopen($filename, "w");
	fwrite($handle, $count);
	fclose($handle);
	
	/////////////////////////////////
	$f = @fopen(LOG_FILE, 'a+');
	if ($f) {
	@fputs($f,$count." ". date("m.d.Y g:ia")." ".$_SERVER['REMOTE_ADDR']. " ".$_SERVER['HTTP_REFERER']." ".$fname."\n");
	@fclose($f);
	}
}


?>
